1. John Parris

    Maybe WordPress core should present users with information that states something to the effect of: WordPress enables Gravatar by default. When Gravatar is enabled, your IP address and a referring URL are sent to third-party servers owned by Automattic, Inc. on every page load. This information could be used to track your browsing activities and interests by Automattic and/or anyone they chose to share the information with. This also applies to everyone that visits your site. When put in context, WordPress runs 20% of the web, so when enabling this service you’re adding to a global tracking network owned by a third party commercial entity whose goals and philosophies may or may not align with yours, now and/or in the future. To disable Gravatar, click here.


  2. Jean Galea

    I completely agree with the article, and this is the way I have implemented tracking within my WP RSS Aggregator plugin. Another good example is Easy Digital Downloads, in that plugin the author offers a discount on other add-ons if the user enables tracking.

    On a related note, it would also be useful to know what data the WordPress software and related services such as Gravatar are sending back. I’m also of the opinion that there is not enough data being provided to plugin developers, which what motivates many developers to install tracking systems. As developers it is very useful for us to know which versions are in use for example. Before there used to be the version pie chart on the Stats page of a plugin, but it is no longer being displayed.


  3. Andreas

    @Jean Galea – You can read all about it in this ticket: http://core.trac.wordpress.org/ticket/14682 comment towards the end has link to incident revolving Gravatar that has cost some people their jobs etc. There is also video presentation showing that sites using Gravatar makes available data that can be used for nefarious purposes.


  4. Jean Galea

    That’s an interesting one Andreas, thanks for bringing it up.


  5. Andreas

    Might be good too note that a person revealed through the Gravatar system had a bomb put in his frontdoor mailbox last night. It could be unrelated but timing suggest its connected.


  6. ron Thomson

    I certainly did not know about the gravatar leak. By it raises questions for me.
    1. Living in Europe I am required to let every visitor know about any tracking cookies that may exist on the site. However if visitors leaving comments on a wordpress install are able to be identify then they could be tracked. Am I breaking the law by not declaring this leak of privacy?

    2. Should it be in my privacy policy?

    3 Why are automattic not being open with their users? If the EU decide to prosecute can I lead innocence because Matt was keeping me as a non technie in the dark? Or have automattic inc got a special disclaimer that covers this liability for them and us as users?



  7. Denis

    Plugins collecting information and phoning home to a third-party without the user’s consent is a serious issue in the WordPress community.


    *Cough*! *Cough*! *Cough*!

    [Catches breath…]

    Can we please address WordPress itself before trying to give lessons to plugin and theme authors?

    Phones home with a lot more information than it should? Check.

    Collects information on its users using Gravatars and pray tell what else? Check.

    Creates potential privacy issues in the process by exposing md5’d versions of commenter email addresses? Check.

    Doesn’t disclose any of the above? Check.

    Doesn’t allow to easily disable any of the above? Check.

    Consistently refused to address any of the above issues for *years*, going as far as closing several related tickets as *won’t fix*? Check.

    No offense, but who the hell do you thing you’re kidding here with this shameless and ludicrous angelic stance?

    WordPress itself is the worst offender in this area. Period, end of story. No ifs, no buts.

    As long as WordPress doesn’t get this right and lead by example, this entire article is moot.


  8. Paul


    Where’s Glenn Greenwald when you need him?


  9. Ryan Hellyer

    I think it would be nice if there was a policy of disclosing any features which can be used to track you. A lot of plugins and themes implement code which could be used to track you, even though they most likely don’t.

    I don’t think a rule like that would be implemented any time soon though, since WordPress itself would fail such a rule quite badly, but I do think it would be a good thing.


Comments are closed.

%d bloggers like this: